QUIC-Exfil: Exploiting QUIC's Server Preferred Address Feature to Perform Data Exfiltration Attacks

📅 2025-05-08
🤖 AI Summary
This work exposes a covert data exfiltration vulnerability in the QUIC protocol’s Server Preferred Address (SPA) mechanism: attackers disguise exfiltration as legitimate connection migrations to stealthily transmit sensitive data from compromised hosts to malicious servers. We propose the first fingerprint-free, firewall-invisible exfiltration technique leveraging SPA, evading existing TLS- and DNS-based leakage detection systems. A Rust-based proof-of-concept tool is developed and evaluated on over 700,000 QUIC packets and 786 real-world migration events. Five detection models (Random Forest, MLP, SVM, Autoencoder, and Isolation Forest) fail to identify the attack. Post-hoc traffic analysis reveals no statistically or behaviorally distinguishable fingerprints. Major firewall vendors confirm that malicious migrations are indistinguishable from benign ones. Our findings empirically demonstrate critical security gaps in QUIC’s connection migration design, providing actionable insights for protocol standardization and network boundary monitoring.

📝 Abstract
The QUIC protocol is now widely adopted by major tech companies and accounts for a significant fraction of today's Internet traffic. QUIC's multiplexing capabilities, encrypted headers, dynamic IP address changes, and encrypted parameter negotiations make the protocol not only more efficient, secure, and censorship-resistant, but also practically unmanageable by firewalls. This opens doors for attackers who may exploit certain traits of the QUIC protocol to perform targeted attacks, such as data exfiltration attacks. Whereas existing data exfiltration techniques, such as TLS and DNS-based exfiltration, can be detected on a firewall level, QUIC-based data exfiltration is more difficult to detect, since changes in IP addresses and ports are inherent to the protocol's normal behavior. To show the feasibility of a QUIC-based data exfiltration attack, we introduce a novel method that leverages the server preferred address feature of the QUIC protocol and thus allows an attacker to exfiltrate sensitive data from an infected machine to a malicious server, disguised as a server-side connection migration. The attack is implemented as a proof-of-concept tool in Rust. We evaluated the performance of five anomaly detection classifiers - Random Forest, Multi-Layer Perceptron, Support Vector Machine, Autoencoder, and Isolation Forest - trained on datasets collected from three network traffic scenarios. The classifiers were trained on over 700K benign and malicious QUIC packets and 786 connection migration events, but were unable to detect the data exfiltration attempts. Furthermore, post-analysis of the traffic captures did not reveal any identifiable fingerprint. As part of our evaluation, we also interviewed five leading firewall vendors and found that, as of today, no major firewall vendor implements functionality capable of distinguishing between benign and malicious QUIC connection migrations.
Problem

Research questions and friction points this paper is trying to address.

Exploiting QUIC's server preferred address for data exfiltration
Detecting QUIC-based attacks is challenging for firewalls
Current anomaly detection fails to identify malicious QUIC migrations
Innovation

Methods, ideas, or system contributions that make the work stand out.

Exploits QUIC's server preferred address feature
Disguises exfiltration as server-side connection migration
Implemented as a Rust proof-of-concept tool that the evaluated classifiers did not detect
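
Added example, not the paper's proof-of-concept code: the migration target is announced in the `preferred_address` transport parameter defined in RFC 9000, which is readable only where the handshake is decrypted (the QUIC endpoint or a terminating proxy), not at an on-path firewall. The Rust below decodes that value and reports offered addresses outside an allowlist; the function names, the sample bytes and the allowlisted prefix are assumptions made for illustration.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr};

/// Constructed sample value (documentation addresses, not captured traffic).
pub const SAMPLE: [u8; 45] = [
    192, 0, 2, 10, 1, 0xbb, // 192.0.2.10, port 443
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0xbb, // 2001:db8::1, port 443
    4, 0xde, 0xad, 0xbe, 0xef, // CID length, CID
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // stateless reset token
];

/// Addresses offered in a preferred_address value (RFC 9000, section 18.2). Layout: IPv4
/// addr(4) port(2), IPv6 addr(16) port(2), CID length(1), CID(1..=20), reset token(16).
pub fn parse_preferred_address(b: &[u8]) -> Option<Vec<SocketAddr>> {
    let cid_len = *b.get(24)? as usize;
    // Reject an empty or oversized CID and any value whose length does not match exactly.
    if cid_len == 0 || cid_len > 20 || b.len() != 25 + cid_len + 16 { return None; }
    let v4 = Ipv4Addr::new(b[0], b[1], b[2], b[3]);
    let mut a6 = [0u8; 16];
    a6.copy_from_slice(&b[6..22]);
    let v6 = Ipv6Addr::from(a6);
    let port = |i: usize| u16::from_be_bytes([b[i], b[i + 1]]);
    let mut offered = Vec::new();
    // An all-zero address means no address of that family is offered.
    if !v4.is_unspecified() { offered.push(SocketAddr::new(IpAddr::V4(v4), port(4))); }
    if !v6.is_unspecified() { offered.push(SocketAddr::new(IpAddr::V6(v6), port(22))); }
    Some(offered)
}

/// True if `addr` lies inside `net`/`len` (same address family only).
fn in_prefix(addr: IpAddr, net: IpAddr, len: u32) -> bool {
    let (a, n, bits) = match (addr, net) {
        (IpAddr::V4(a), IpAddr::V4(n)) => (u32::from(a) as u128, u32::from(n) as u128, 32u32),
        (IpAddr::V6(a), IpAddr::V6(n)) => (u128::from(a), u128::from(n), 128u32),
        _ => return false,
    };
    len <= bits && (len == 0 || (a ^ n) >> (bits - len) == 0)
}

/// Offered migration targets that fall outside every allowed prefix.
pub fn unexpected_targets(offered: &[SocketAddr], allowed: &[(IpAddr, u32)]) -> Vec<SocketAddr> {
    let ok = |s: &SocketAddr| allowed.iter().any(|&(n, l)| in_prefix(s.ip(), n, l));
    offered.iter().copied().filter(|s| !ok(s)).collect()
}

fn main() {
    let offered = parse_preferred_address(&SAMPLE).expect("well-formed value");
    // Hypothetical policy: prefixes the service is known to run in.
    let allowed = [(IpAddr::V4(Ipv4Addr::new(192, 0, 2, 0)), 24u32)];
    println!("outside policy: {:?}", unexpected_targets(&offered, &allowed));
}
```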
Thomas Grubl
Communication Systems Group CSG, Department of Informatics IfI, University of Zurich UZH
Weijie Niu
Communication Systems Group CSG, Department of Informatics IfI, University of Zurich UZH
Jan von der Assen
University of Zurich
Burkhard Stiller
Communication Systems Group CSG, Department of Informatics IfI, University of Zurich UZH